Time to Update the U.S. Privacy Act of 1974?

That’s what tech-journalist Declan McCullagh suggests in his latest online column — after learning that jetBlue Airways sold his (and lots of other people’s) personal info to a contractor who is doing research for U.S. government data-mining schemes.

A presentation prepared by contractor, Torch Concepts of Huntsville, Ala., describes how it merged the JetBlue database with U.S. Social Security numbers, home addresses, income levels and vehicle ownership information it purchased from Acxiom, a company that sells consumer data. Not all the details are clear, but the presentation discusses how Torch, on behalf of Uncle Sam, tried to rate each passenger’s security risk level by analyzing the merged databases.

That kind of disgraceful privacy intrusion demonstrates that it’s high time to amend the Privacy Act of 1974, which restricts databases that the U.S. government compiles but does not regulate how agencies access databases the private sector runs.

Enacted largely as a result of a federal report on automated data systems, the Privacy Act covers any “system of records” the government operates with personal information on American citizens. It limits the use and disclosure of those records and requires that the databases be protected with “appropriate administrative, technical and physical safeguards” to preserve their security and confidentiality. Government employees who disclose records in violation of the law’s procedures can be fined and imprisoned on misdemeanor charges.

In today’s world, the venerable Privacy Act doesn’t go far enough. It worked when computers could be defined as “automated data systems,” but Moore’s Law has exploded early 1970s-era notions of computing speed, and hard drive capacity has increased even more dramatically. The law fails to address the “databasification” of modern life.

Sounds good to me.